milivilla.blogg.se

Splunk lookup wildcard







Lookups – Lookup Definition and Automatic Lookup (Part – 2)

This is the continuation of our previous lookup blog, Lookup – Lookup Table Files (Part – 1). I request that you go through that blog before starting this one. In this blog we will cover “Lookup Definition and Automatic Lookup”.

An automatic lookup is a procedure that applies a lookup to all searches at search time. After creating an automatic lookup, you don’t have to use the lookup command to interact with lookup files or tables. To create any automatic lookup we first need to create a lookup definition for it, which basically contains a lookup table or file name and a path to find that lookup file. One lookup table or file can have multiple lookup definitions. We can also use the lookup definition to access the lookup file’s contents.

Let’s start by creating a lookup definition for the lookup table “status_code.csv”. We already uploaded it while discussing lookup table files in our previous blog. It consists of two fields, “status_code” and “status_information”, and gives us all the HTTP response status codes: 402 is “Payment Required”, 403 is “Forbidden”, 404 is “Page Not Found”, etc.

Log in to your Splunk instance with your credentials. Then go to Settings and click on Lookups. Then click on Lookup definitions and New Lookup Definition. Fill in all the mandatory fields as shown:

Destination App: Name: Type: Lookup file:

After creating it, change the permission of the lookup definition to global.

NOTE: The permission of your lookup file needs to be global for creating lookup definitions. Otherwise it will throw an error for the other users if we create an automatic lookup using this lookup definition file.

In this way you can create a lookup definition. You can also access the lookup definition file using the inputlookup command.

Go to Settings, click on Lookups and select Automatic Lookup. Then it will open the dialog box to upload the lookup file. Fill in all the mandatory fields as shown below.

Destination app: Name: Lookup table: Apply to: Named: Lookup input fields: =.

For example, if you have a “name” field in the event which matches “emp_name” in the lookup, you will have to write “emp_name=name”.

Lookup output fields: =.

For example, if your lookup table has a field named “age” but in the event you want to show it as “emp_age”, you have to write “age=emp_age”.
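The lookup definition, automatic lookup and global permission that this post sets up through the UI, written as the configuration files Splunk stores them in. This is an added example, not part of the original post; the app name, lookup definition name, sourcetype, automatic lookup name and event field names are assumptions chosen for illustration.

```ini
# Constructed example. Assumed names (not from the post): app "search",
# lookup definition "status_code_lookup", sourcetype "access_combined",
# automatic lookup "http_status", event fields "status" and "status_description".

# --- $SPLUNK_HOME/etc/apps/search/local/transforms.conf ---
# Lookup definition: a name that points at the uploaded lookup table file
# (the file itself lives in the app's lookups/ directory).
[status_code_lookup]
filename = status_code.csv

# --- $SPLUNK_HOME/etc/apps/search/local/props.conf ---
# Automatic lookup, applied at search time to every event of this sourcetype.
# Input:  lookup field status_code is matched against event field status.
# Output: lookup field status_information is added to the event as
#         status_description.
[access_combined]
LOOKUP-http_status = status_code_lookup status_code AS status OUTPUT status_information AS status_description

# --- $SPLUNK_HOME/etc/apps/search/metadata/local.meta ---
# "Global" permission in the UI is export = system. The post sets it on the
# lookup file and the lookup definition; the automatic lookup is exported the
# same way here so that it applies in every app.
# Write access is limited to admin as a hardening choice: anyone who can edit
# a global lookup changes the enrichment seen by all searches.
[lookups/status_code.csv]
export = system
access = read : [ * ], write : [ admin ]

[transforms/status_code_lookup]
export = system
access = read : [ * ], write : [ admin ]

[props/access_combined/LOOKUP-http_status]
export = system
access = read : [ * ], write : [ admin ]
```

With these assumed names, `| inputlookup status_code_lookup` returns the contents of the file through the definition, and searches over `access_combined` events show `status_description` without an explicit lookup command.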







